Unclassified


WG  Purpose/Focus 


Purpose: 

•  Define  the  problems  &  approaches  in  greater  fidelity  based  on  input  from  panels 

•  Develop  courses  of  action  or  methodologies  to  reconcile  issues  identified 

•  Develop  recommendations  for  DoD  leadership  on  the  process  /  steps  needed  to 
develop  the  structure  for  and  methodology  to  perform  cyber  SA  assessments 

Focus: 

•  Develop  potential  characteristics  of  an  initial  framework  that  will  enable  the  scoping 
and  prioritization  of  cyber  SA  assessments 

•  Using  the  initial  framework,  develop  a  proposed  scope  of  DoD  cyber  and  the  system 
attributes  for  which  SA  must  be  assessed 

•  Using  the  initial  framework,  develop  a  proposed  scope  for  adversary  cyber  and  the 
system  attributes  for  which  SA  must  be  assessed 

•  Identify  potential  cyber  SA  assessment  families  of  tools 

Step  1:  Top  Cyber  SA  Needs  for  Mission  Assurance


1  -  Cyber  Environment  (INFOCON) 

•  Abnormal  Activity 

•  Normal  Activity 

2  -  Cyber  Health  &  Status

•  Ours

•  Partners/Coalition/Commercial 

3  -  Cyber  Capability  Impact 

•  Availability  of  Forces/Assets 

•  What  is  lost  if  supporting  cyber
capability  goes  down?

•  What  is  the  impact  to  an  adjacent 
capability? 

•  Tradeoff  Space?  Mitigation  Costs? 

4  -  Mission  Impact 

•  What  is  the  probable  degradation 
to  the  intended  mission? 

•  What  is  the  likelihood  of  success? 

•  Tradeoff  Space?  Mitigation  Costs? 


5  -  Adversary  Cyber  Profile 

•  Who  are  they?  What  are  they  capable 
of?  What  are  their  TTPs? 

•  What  are  their  vulnerabilities? 

•  Temporal  aspects 

6  -  Cyber  Resiliency 

•  Reconstitution 

•  Redundancy

•  Mitigation

•  Continuity  of  Operations  (COOP) 

7  -  Cyber  Relationships  (Authorities) 

•  Supported 

•  Supporting 

•  External  (Commercial)

Mission  Assurance:  Analysis  for  Cyber  Operations


WG1:  What  we  found


•  Developing  the  formal  framework  that  will  enable  scoping  and  prioritization  of  cyber 
SA  assessments  is  difficult 

•  Network  Management  (NM),  Computer  Network  Defense  (CND),  and  Computer  Network 
Attack  (CNA)  are  separate  functions  that  require  tailored  approaches 

•  Clear  definitions  and  delineation  are  a  necessity 

•  Responses  and  reactions  vary  depending  on  visibility  and  mission  impact 

•  Patti’s  computer/comms  aren’t  as  important  as  the  CC’s 

•  Urgency,  as  a  function  of  the  mission,  needs  to  be  captured 


Mission  assurance  and  criticality  drive  system  prioritization 


•  Current  Cyber  SA  is  very  limited 

•  Modeling  framework  must  be  flexible  so  that  criteria  can  be  added/subtracted  or 
modified  for  different  scenarios 

•  Automated  data  collection  and  visualization  are  imperative 

•  Allow  time  to  analyze  and  understand  the  data  to  provide  insight 

•  Reduce  latency  in  decision-making,  comprehension,  and  response 

•  Provide  a  better  comprehension  of  the  situation/cyber  geography 


WG1:  Key  data  questions 


Cyber  SA  Needs

1  -  Cyber  Environment

2  -  Cyber  Health  &  Status

3  -  Cyber  Capabilities  Impact

4  -  Mission  Impact

5  -  Adversary  Cyber  Profile

6  -  Cyber  Resiliency

7  -  Cyber  Relationships


Mission  Needs

•  What  is  the  relevance  of  the  data  to  the  mission?

•  Which  data  has  a  higher  priority?

•  Who  should  have  access  to  the  data?


•  How  to  filter/compartmentalize  sensitive  data  in  a  Coalition  environment? 

•  Sources 

•  What  source  provided  the  data? 

•  Can  we  trust  the  data  source  and/or  the  consolidation  of  the  data? 

•  With  whom  can  we  share  the  data? 

•  With  what  frequency  is  the  data  provided/refreshed? 

•  How  can  we  improve  visibility  into  coalition/partner/service  data? 

•  Attributes 

•  Is  the  data  available? 

•  How  valid  is  the  data? 

•  What  is  the  lifespan  of  the  data? 

•  Can  access  to/analysis  of  the  data  be  automated...  Can  you  trust  the  algorithm?


WG  1  -  Open  Questions 

•  What  are  the  Legal/Policy  issues  affecting  our  ability  to  have  the  SA  we  need? 

•  Domestic,  International,  Title  Issues 

•  National,  Departmental,  Unit,  etc. 

•  How  can  we  improve  Cyber-focused  Wargame  engagements? 

•  Depth  of  Cyber  Order  of  Battle  understanding 

•  How  would  we  best  implement  a  DIRCYFOR? 

•  How  do  we  anticipate  vulnerabilities  associated  with  emerging  technologies? 

•  Cloud  computing,  mobile,  social  networking,  etc. 

•  Can  we  define  the  full  spectrum  of  cyber  impacts  from  the  Human  Element? 

•  Social  engineering,  shaping/influencing  opinions,  attack  vectors,  etc. 

•  How  would  we  establish  a  concept/doctrine/process  for  Cyber  Deterrence? 

•  How  do  we  determine  adversary’s  intent? 

WG  1  -  Potential  Cyber  SA  Assessment  Capabilities

•  Comprehensive  Cyber  Assessment  Framework  (MOEs  &  MOPs) 

•  Cyber  Common  Operating  Picture  (COP) 

•  Cyber  Dashboard 

•  Supporting  Tools 

•  Data  Collection  and  Aggregation  Tools  (Collection  point  for  data 
from  multiple  sources;  correlation  analysis) 

•  Visualization  Tools,  i.e.  Malicious  Activity  or  Network  Management 

•  Techniques 

•  Pattern  Recognition  (Abnormal  pattern  detection) 

•  Neural  Networks,  Anomaly  Detection,  Statistical  Process  Control 

•  Epidemiology  Modeling  (Worm  or  Malware  propagation) 

•  Predictive  Modeling  (“Cyber  Weather”??) 

•  Agent-based  Modeling  (Impact  of  network  activity) 

•  Game  Theory  (Risk  Analysis) 


WG  1  -  Way  Ahead 

•  Analyze  gaps/shortfalls  in  cyber  support  to  current  missions 

•  Investigate  means  for  quickly  determining  lines  of  authority 
responses  given  suspicious  activity  at  known  locations  (IP 
addresses) 

•  Speeds  interagency  coordination  and  decisions  on  legal 
implications 

WG  1  -  Recommendations

•  Develop  a  comprehensive  framework  that  will  enable  the  scoping
and  prioritization  of  cyber  SA  assessments

•  Sponsor  a  study  to  develop  a  cyber  SA  framework

•  Establish  a  sharable  baseline  of  cyber  data  to  support
warfighter  analysis

•  Drive  POM  inputs  for  cyber  capabilities,  tools,  etc.